View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007083 | OXID eShop (all versions) | 1.05. Users | public | 2020-02-06 07:12 | 2024-07-03 08:58 |
| Reporter | Moehlis | Assigned To | |||
| Priority | low | Severity | trivial | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 6.1.3 | ||||
| Fixed in Version | 7.0.0-rc1 | ||||
| Summary | 0007083: changeuser doesn't check raw password input | ||||
| Description | When registering, using a password containing ">" is no problem. But when changing email address in my-account, the password is not accepted. Problem is located in OxidEsales\EshopCommunity\Core\InputValidator:checkLogin is: \OxidEsales\Eshop\Core\Registry::getConfig()->getRequestParameter('user_password'); should be: \OxidEsales\Eshop\Core\Registry::getConfig()->getRequestParameter('user_password', true); See OxidEsales\EshopCommunity\Application\Component\UserComponent:createUser for reference. Affects _all_ Shop Versions. | ||||
| Tags | User, Validation | ||||
| Theme | Not defined | ||||
| Browser | Not defined | ||||
| PHP Version | Not defined | ||||
| Database Version | Not defined | ||||
